author | Daiki Ueno <dueno@redhat.com> | 2019-04-29 19:03:55 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-05-20 15:29:19 +0200 |
commit | 86d5c56950489bc8469f73602d793ef48af6419a (patch) | |
tree | ebbcc93320c8379ac1afc854dabce777753ab5d1 /lib/algorithms.h | |
parent | 13cc2e983446f578fa7aee7ef00231c35ddbf6e7 (diff) | |
server auth: disable TLS 1.3 if no signature algorithm is usable

This is a server side counterpart of
005a4d04145707daad9588acedfdb5f6cd97c80c.

Instead of signalling an error when no algorithm is usable in TLS 1.3,
it downgrades the session to TLS 1.2 with a warning.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/algorithms.h')
-rw-r--r-- | lib/algorithms.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h index 6f82879d31..870e9d6d35 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -395,6 +395,9 @@ _gnutls_tls_aid_to_sign(uint8_t id0, uint8_t id1, const version_entry_st *ver); const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t sign); +const gnutls_sign_entry_st * +_gnutls13_sign_get_compatible_with_privkey(gnutls_privkey_t privkey); + unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits); gnutls_digest_algorithm_t _gnutls_pk_bits_to_sha_hash(unsigned int pk_bits); |
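Review bot: The new prototype `_gnutls13_sign_get_compatible_with_privkey(gnutls_privkey_t privkey)` in lib/algorithms.h has no comment stating what it returns when no TLS 1.3 signature algorithm matches the key. The commit message says this "no algorithm is usable" case is what triggers the fallback to TLS 1.2, so the version negotiated on the server depends on callers testing that result correctly. Please document the failure return next to the declaration (presumably NULL, given the pointer return type) and state whether a NULL `privkey` is accepted. The diff shown here is limited to this header, so the implementation and the call site that performs the downgrade are not visible in this view; the note above applies to the declaration only.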